Peran bawaan Azure untuk Storage
Artikel ini mencantumkan peran bawaan Azure dalam kategori Penyimpanan.
Kontributor Avere
Dapat membuat dan mengelola kluster Avere vFXT.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Compute/*/baca | |
| Microsoft.Compute/availabilitySets/* | |
| Microsoft.Compute/proximityPlacementGroups/* | |
| Microsoft.Compute/virtualMachines/* | |
| Microsoft.Compute/disks/* | |
| Microsoft.Network/*/baca | |
| Microsoft.Network/networkInterfaces/* | |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/baca | Mendapatkan definisi subnet jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/gabung/tindakan | Bergabung dengan jaringan virtual. Tidak bisa diperingatkan. |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/tindakan | Menggabungkan sumber daya seperti akun penyimpanan atau database SQL ke subnet. Tidak dapat diberi tahu. |
| Microsoft.Network/networkSecurityGroups/gabung/tindakan | Menggabungkan kelompok keamanan jaringan. Tidak bisa diperingatkan. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Storage/*/baca | |
| Microsoft.Storage/storageAccounts/* | Membuat dan mengelola akun penyimpanan |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan sumber daya untuk grup sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Mengembalikan hasil menghapus blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Mengembalikan blob atau daftar blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tulis | Mengembalikan hasil penulisan blob |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can create and manage an Avere vFXT cluster.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/proximityPlacementGroups/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/disks/*",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Avere
Digunakan oleh kluster Avere vFXT untuk mengelola kluster
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Compute/virtualMachines/baca | Mendapatkan properti mesin virtual |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Network/networkInterfaces/tulis | Membuat antarmuka jaringan atau memperbarui antarmuka jaringan yang ada. |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/baca | Mendapatkan definisi subnet jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/gabung/tindakan | Bergabung dengan jaringan virtual. Tidak bisa diperingatkan. |
| Microsoft.Network/networkSecurityGroups/gabung/tindakan | Menggabungkan kelompok keamanan jaringan. Tidak bisa diperingatkan. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Mengembalikan hasil menghapus kontainer |
| Microsoft.Storage/storageAccounts/blobServices/containers/baca | Daftar kontainer yang diperbarui |
| Microsoft.Storage/storageAccounts/blobServices/containers/tulis | Mengembalikan hasil dari wadah blob put |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Mengembalikan hasil menghapus blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Mengembalikan blob atau daftar blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tulis | Mengembalikan hasil penulisan blob |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Used by the Avere vFXT cluster to manage the cluster",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Cadangan
Memungkinkan Anda mengelola layanan pencadangan,tetapi tidak dapat membuat vault dan memberi akses kepada orang lain
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.RecoveryServices/lokasi/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* | Kelola hasil operasi pada manajemen cadangan |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* | Membuat dan mengelola kontainer cadangan di dalam kain cadangan kubah Layanan Pemulihan |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/tindakan | Me-refresh daftar kontainer |
| Microsoft.RecoveryServices/Vaults/backupJobs/* | Membuat dan mengelola pekerjaan pencadangan |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/tindakan | Mengekspor Pekerjaan |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Membuat dan mengelola Hasil operasi manajemen cadangan |
| Microsoft.RecoveryServices/Vaults/backupPolicies/* | Membuat dan mengelola pekerjaan pencadangan |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Membuat dan mengelola item yang bisa dicadangkan |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Membuat dan mengelola item yang dicadangkan |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* | Membuat dan mengelola kontainer yang menyimpan item cadangan |
| Microsoft.RecoveryServices/Vaults/backupSecurityPIN/* | |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/baca | Menghasilkan ringkasan untuk Item yang Dilindungi dan Server yang Dilindungi untuk Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/sertifikat/* | Membuat dan mengelola sertifikat yang terkait dengan pencadangan di brankas Layanan Pemulihan |
| Microsoft.RecoveryServices/Vaults/extendedInformation/* | Membuat dan mengelola info yang diperluas terkait dengan kubah |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca | Mendapatkan peringatan untuk vault Layanan pemulihan. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/* | Membuat dan mengelola identitas terdaftar |
| Microsoft.RecoveryServices/Vaults/penggunaan/* | Membuat dan mengelola penggunaan kubah Layanan Pemulihan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/tindakan | Validasi Operasi pada Item yang Dilindungi |
| Microsoft.RecoveryServices/Vaults/tulis | Operasi Create Vault membuat sumber daya Azure jenis 'vault' |
| Microsoft.RecoveryServices/Vaults/backupOperations/baca | Menampilkan Status Operasi Pencadangan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/backupEngines/baca | Mengembalikan semua server manajemen cadangan yang terdaftar dengan vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/baca | Mendapatkan semua kontainer yang dapat dilindungi |
| Microsoft.RecoveryServices/vaults/operationStatus/read | Mendapatkan Status Operasi untuk Operasi yang diberikan |
| Microsoft.RecoveryServices/vaults/operationResults/read | Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron |
| Microsoft.RecoveryServices/locations/backupStatus/tindakan | Periksa Status Backup untuk Vault Layanan Pemulihan |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/tindakan | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/tindakan | Validasi Fitur |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca | Menyelesaikan peringatan. |
| Microsoft.RecoveryServices/operations/baca | Operasi menghasilkan daftar Operasi untuk Penyedia Sumber Daya |
| Microsoft.RecoveryLayanan/lokasi/operasiStatus/baca | Mendapatkan Status Operasi untuk Operasi yang diberikan |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/baca | Membuat daftar semua Niat Perlindungan cadangan |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.DataProtection/locations/getBackupStatus/action | Periksa Status Backup untuk Vault Layanan Pemulihan |
| Microsoft.DataProtection/backupVaults/backupInstances/write | Membuat Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/delete | Menghapus sebuah Instans Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Mengembalikan semua Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Mengembalikan semua Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Mencantumkan Instans Cadangan yang dihapus sementara di Brankas Cadangan. |
| Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action | Lakukan penghapusan Instans Cadangan yang dihapus sementara. Instans Cadangan berpindah dari status SoftDeleted ke ProtectionStopped. |
| Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Melakukan Pencadangan pada Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Menvalidasi Pemulihan dari Instans Pencadangan |
| Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Memicu pemulihan pada Instans Microsoft Azure Backup |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Memicu operasi pemulihan lintas wilayah pada instans cadangan tertentu. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Melakukan validasi untuk operasi pemulihan lintas wilayah. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | Mencantumkan pekerjaan pemulihan lintas wilayah instans cadangan dari wilayah sekunder. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Dapatkan detail pekerjaan pemulihan lintas wilayah dari wilayah sekunder. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Mengembalikan titik pemulihan dari wilayah sekunder untuk pemulihan lintas wilayah yang diaktifkan Backup Vault. |
| Microsoft.DataProtection/backupVaults/backupPolicies/write | Membuat Kebijakan Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupPolicies/delete | Menghapus Kebijakan Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Mengembalikan semua Kebijakan Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Mengembalikan semua Kebijakan Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Mengembalikan semua Titik Pemulihan |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Mengembalikan semua Titik Pemulihan |
| Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Menemukan Rentang Waktu yang Dapat Dipulihkan |
| Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/backupVaults/write | Memperbarui operasi BackupVault memperbarui sumber daya Azure jenis 'Backup Vault' |
| Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
| Microsoft.DataProtection/backupVaults/operationResults/read | Mendapatkan Hasil Operasi Patch untuk Vault Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/locations/checkNameAvailability/action | Memeriksa apakah Nama BackupVault yang diminta Tersedia |
| Microsoft.DataProtection/locations/checkFeatureSupport/action | Memvalidasi apakah fitur didukung |
| Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
| Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
| Microsoft.DataProtection/locations/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/locations/operationResults/read | Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/backupVaults/validateForBackup/action | Memvalidasi pencadangan Instans Microsoft Azure Backup |
| Microsoft.DataProtection/operations/read | Operasi menghasilkan daftar Operasi untuk Penyedia Sumber Daya |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete | Operasi proksi Hapus ResourceGuard menghapus sumber daya Azure yang ditentukan dari jenis 'proksi ResourceGuard' |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read | Mendapatkan daftar proksi ResourceGuard untuk sumber daya |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action | Membuka kunci hapus operasi proksi ResourceGuard membuka kunci operasi kritis penghapusan berikutnya |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write | Membuat operasi proksi ResourceGuard membuat sumber daya Azure jenis 'Proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Mendapatkan operasi proksi ResourceGuard mendapatkan objek yang mewakili sumber daya Azure jenis 'proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | Membuat operasi proksi ResourceGuard membuat sumber daya Azure jenis 'Proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | Operasi proksi Hapus ResourceGuard menghapus sumber daya Azure yang ditentukan dari jenis 'proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | Membuka kunci hapus operasi proksi ResourceGuard membuka kunci operasi kritis penghapusan berikutnya |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backups, but can't delete vaults and give access to others",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
"name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/*",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/*",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/Vaults/usages/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/vaults/operationStatus/read",
"Microsoft.RecoveryServices/vaults/operationResults/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/backupInstances/delete",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",
"Microsoft.DataProtection/backupVaults/backupPolicies/write",
"Microsoft.DataProtection/backupVaults/backupPolicies/delete",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read",
"Microsoft.DataProtection/backupVaults/write",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/locations/checkNameAvailability/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/operations/read",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Mencadangkan Admin MUA
Mencadangkan MultiUser-Authorization. Dapat membuat/menghapus ResourceGuard
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DataProtection/*/read | |
| Microsoft.DataProtection/*/resourceGuards/write | |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write | Operasi Update ResouceGuard memperbarui sumber daya Azure jenis 'ResourceGuard' |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete | Operasi Hapus ResourceGuard menghapus sumber daya Azure yang ditentukan dari jenis 'ResourceGuard' |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read | Mendapatkan daftar ResourceGuards dalam Grup Sumber Daya |
| Microsoft.DataProtection/locations/operationResults/read | Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/locations/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/locations/getBackupStatus/action | Periksa Status Backup untuk Vault Layanan Pemulihan |
| Microsoft.DataProtection/locations/checkFeatureSupport/action | Memvalidasi apakah fitur didukung |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Features/features/read | Mendapatkan fitur langganan. |
| Microsoft.Features/penyedia/fitur/baca | Mendapatkan fitur langganan di penyedia sumber daya tertentu. |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/operasi/baca | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/langganan/hasiloperasi/baca | Dapatkan Hasil Operasi Langganan. |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/subscriptions/resourcegroups/penyebaran/* | |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Mendapatkan operasi proksi ResourceGuard mendapatkan objek yang mewakili sumber daya Azure jenis 'proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | Membuat operasi proksi ResourceGuard membuat sumber daya Azure jenis 'Proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | Operasi proksi Hapus ResourceGuard menghapus sumber daya Azure yang ditentukan dari jenis 'proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | Membuka kunci hapus operasi proksi ResourceGuard membuka kunci operasi kritis penghapusan berikutnya |
| Microsoft.DataProtection/subscriptions/providers/resourceGuards/read | Mendapatkan daftar ResourceGuards di dalam sebuah Langganan |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read | Mendapatkan informasi mengenai permintaan operasi default ResourceGuard |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Backup MultiUser-Authorization. Can create/delete ResourceGuard ",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c2a970b4-16a7-4a51-8c84-8a8ea6ee0bb8",
"name": "c2a970b4-16a7-4a51-8c84-8a8ea6ee0bb8",
"permissions": [
{
"actions": [
"Microsoft.DataProtection/*/read",
"Microsoft.DataProtection/*/resourceGuards/write",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read",
"Microsoft.Authorization/*/read",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action",
"Microsoft.DataProtection/subscriptions/providers/resourceGuards/read",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup MUA Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator MUA Cadangan
Mencadangkan MultiUser-Authorization. Memungkinkan pengguna melakukan operasi penting yang dilindungi oleh resourceguard
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DataProtection/*/action | |
| Microsoft.DataProtection/*/read | |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Backup MultiUser-Authorization. Allows user to perform critical operation protected by resourceguard",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f54b6d04-23c6-443e-b462-9c16ab7b4a52",
"name": "f54b6d04-23c6-443e-b462-9c16ab7b4a52",
"permissions": [
{
"actions": [
"Microsoft.DataProtection/*/action",
"Microsoft.DataProtection/*/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup MUA Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup Operator
Memungkinkan Anda mengelola layanan pencadangan, kecuali penghapusan cadangan, pembuatan vault, dan memberikan akses kepada orang lain
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca | Menampilkan status operasi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/baca | Mendapatkan hasil Operasi yang dilakukan pada Protection Container. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/tindakan | Melakukan Backup untuk item yang Diproteksi. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/baca | Mendapatkan Hasil Operasi yang Dilakukan pada Item yang Dilindungi. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/baca | Menampilkan status Operasi yang dilakukan pada Item yang Dilindungi. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/baca | Mengembalikan detail objek Item yang Diproteksi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/tindakan | Penyediaan Pemulihan Item Instan untuk Item yang Dilindungi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/tindakan | Mendapatkan AccessToken untuk Pemulihan Lintas Wilayah. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/baca | Dapatkan Titik Pemulihan untuk Item yang Diproteksi. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/baca | Pulihkan Titik Pemulihan untuk Item yang Diproteksi. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/tindakan | Mencabut Pemulihan Item Instan untuk Item yang Dilindungi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/tulis | Buat Item yang Diproteksi cadangan |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/baca | Menampilkan semua kontainer terdaftar |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/tindakan | Me-refresh daftar kontainer |
| Microsoft.RecoveryServices/Vaults/backupJobs/* | Membuat dan mengelola pekerjaan pencadangan |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/tindakan | Mengekspor Pekerjaan |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Membuat dan mengelola Hasil operasi manajemen cadangan |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca | Dapatkan Hasil Operasi Policy. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/baca | Menampilkan semua Kebijakan Perlindungan |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Membuat dan mengelola item yang bisa dicadangkan |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/baca | Menampilkan daftar semua Item yang Dilindungi. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/baca | Menampilkan semua kontainer milik langganan |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/baca | Menghasilkan ringkasan untuk Item yang Dilindungi dan Server yang Dilindungi untuk Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/sertifikat/tulis | Operasi Perbarui Sertifikat Sumber Daya memperbarui sertifikat kredensial sumber daya/vault. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/baca | Operasi Mendapatkan Info yang Diperluas mendapatkan Info yang Diperluas objek yang mewakili sumber daya Azure jenis ?vault? |
| Microsoft.RecoveryServices/Vaults/extendedInformation/baca | Operasi Mendapatkan Info yang Diperluas mendapatkan Info yang Diperluas objek yang mewakili sumber daya Azure jenis ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca | Mendapatkan peringatan untuk vault Layanan pemulihan. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca | Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/baca | Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya. |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/tulis | Operasi Daftarkan Kontainer Layanan dapat digunakan untuk mendaftarkan container dengan Recovery Service. |
| Microsoft.RecoveryServices/Vaults/penggunaan/baca | Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/tindakan | Validasi Operasi pada Item yang Dilindungi |
| Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action | Validasi Operasi pada Item yang Dilindungi |
| Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read | Validasi Operasi pada Item yang Dilindungi |
| Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read | Validasi Operasi pada Item yang Dilindungi |
| Microsoft.RecoveryServices/Vaults/backupOperations/baca | Menampilkan Status Operasi Pencadangan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca | Mendapatkan Status Operasi Kebijakan. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/tulis | Buat kontainer terdaftar |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/tindakan | Lakukan penyelidikan untuk beban kerja dalam kontainer |
| Microsoft.RecoveryServices/Vaults/backupEngines/baca | Mengembalikan semua server manajemen cadangan yang terdaftar dengan vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/tulis | Membuat Niat Perlindungan cadangan |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/baca | Dapatkan cadangan Niat Proteksi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/baca | Mendapatkan semua kontainer yang dapat dilindungi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/baca | Dapatkan semua item dalam kontainer |
| Microsoft.RecoveryServices/locations/backupStatus/tindakan | Periksa Status Backup untuk Vault Layanan Pemulihan |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/tindakan | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/tindakan | Validasi Fitur |
| Microsoft.RecoveryServices/locations/backupAadProperties/baca | Mendapatkan Properti AAD guna autentikasi di wilayah ketiga untuk Pemulihan Lintas Wilayah. |
| Microsoft.RecoveryServices/locations/backupStatus/tindakan | Cantumkan Pekerjaan Pemulihan Lintas Wilayah di wilayah sekunder untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/locations/backupStatus/tindakan | Dapatkan Detail Pekerjaan Pemulihan Lintas Wilayah di wilayah sekunder untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/locations/backupCrossRegionRestore/tindakan | Mulai Pemulihan lintas wilayah. |
| Microsoft.RecoveryServices/locations/backupCrrOperationResults/baca | Mengembalikan Hasil Operasi CRR untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/locations/backupCrrOperationResults/baca | Mengembalikan Status Operasi CRR untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca | Menyelesaikan peringatan. |
| Microsoft.RecoveryServices/operations/baca | Operasi menghasilkan daftar Operasi untuk Penyedia Sumber Daya |
| Microsoft.RecoveryLayanan/lokasi/operasiStatus/baca | Mendapatkan Status Operasi untuk Operasi yang diberikan |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/baca | Membuat daftar semua Niat Perlindungan cadangan |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Mengembalikan semua Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Mengembalikan semua Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/backupVaults/backupInstances/write | Membuat Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Mencantumkan Instans Cadangan yang dihapus sementara di Brankas Cadangan. |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Mengembalikan semua Kebijakan Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Mengembalikan semua Kebijakan Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Mengembalikan semua Titik Pemulihan |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Mengembalikan semua Titik Pemulihan |
| Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Menemukan Rentang Waktu yang Dapat Dipulihkan |
| Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
| Microsoft.DataProtection/backupVaults/operationResults/read | Mendapatkan Hasil Operasi Patch untuk Vault Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
| Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
| Microsoft.DataProtection/locations/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/locations/operationResults/read | Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/operations/read | Operasi menghasilkan daftar Operasi untuk Penyedia Sumber Daya |
| Microsoft.DataProtection/backupVaults/validateForBackup/action | Memvalidasi pencadangan Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Melakukan Pencadangan pada Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Menvalidasi Pemulihan dari Instans Pencadangan |
| Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Memicu pemulihan pada Instans Microsoft Azure Backup |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Memicu operasi pemulihan lintas wilayah pada instans cadangan tertentu. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Melakukan validasi untuk operasi pemulihan lintas wilayah. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | Mencantumkan pekerjaan pemulihan lintas wilayah instans cadangan dari wilayah sekunder. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Dapatkan detail pekerjaan pemulihan lintas wilayah dari wilayah sekunder. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Mengembalikan titik pemulihan dari wilayah sekunder untuk pemulihan lintas wilayah yang diaktifkan Backup Vault. |
| Microsoft.DataProtection/locations/checkFeatureSupport/action | Memvalidasi apakah fitur didukung |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete | Operasi proksi Hapus ResourceGuard menghapus sumber daya Azure yang ditentukan dari jenis 'proksi ResourceGuard' |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read | Mendapatkan daftar proksi ResourceGuard untuk sumber daya |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action | Membuka kunci hapus operasi proksi ResourceGuard membuka kunci operasi kritis penghapusan berikutnya |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write | Membuat operasi proksi ResourceGuard membuat sumber daya Azure jenis 'Proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Mendapatkan operasi proksi ResourceGuard mendapatkan objek yang mewakili sumber daya Azure jenis 'proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | Membuat operasi proksi ResourceGuard membuat sumber daya Azure jenis 'Proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | Operasi proksi Hapus ResourceGuard menghapus sumber daya Azure yang ditentukan dari jenis 'proksi ResourceGuard' |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | Membuka kunci hapus operasi proksi ResourceGuard membuka kunci operasi kritis penghapusan berikutnya |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
"id": "/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
"name": "00c29273-979b-4161-815c-10b084fb9324",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/write",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/locations/backupAadProperties/read",
"Microsoft.RecoveryServices/locations/backupCrrJobs/action",
"Microsoft.RecoveryServices/locations/backupCrrJob/action",
"Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
"Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
"Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/operations/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Backup
Dapat melihat layanan pencadangan, tetapi tidak dapat membuat perubahan
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.RecoveryServices/locations/allocatedStamp/baca | GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca | Menampilkan status operasi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/baca | Mendapatkan hasil Operasi yang dilakukan pada Protection Container. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/baca | Mendapatkan Hasil Operasi yang Dilakukan pada Item yang Dilindungi. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/baca | Menampilkan status Operasi yang dilakukan pada Item yang Dilindungi. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/baca | Mengembalikan detail objek Item yang Diproteksi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/baca | Dapatkan Titik Pemulihan untuk Item yang Diproteksi. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/baca | Menampilkan semua kontainer terdaftar |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca | Mengembalikan Hasil Operasi Tugas. |
| Microsoft.RecoveryServices/Vaults/backupJobs/baca | Menghasilkan semua Objek Tugas |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/tindakan | Mengekspor Pekerjaan |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/baca | Menampilkan Hasil Operasi Pencadangan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca | Dapatkan Hasil Operasi Policy. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/baca | Menampilkan semua Kebijakan Perlindungan |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/baca | Menampilkan daftar semua Item yang Dilindungi. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/baca | Menampilkan semua kontainer milik langganan |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/baca | Menghasilkan ringkasan untuk Item yang Dilindungi dan Server yang Dilindungi untuk Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/baca | Operasi Mendapatkan Info yang Diperluas mendapatkan Info yang Diperluas objek yang mewakili sumber daya Azure jenis ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca | Mendapatkan peringatan untuk vault Layanan pemulihan. |
| Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca | Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/baca | Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/baca | Menampilkan Konfigurasi Penyimpanan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/backupconfig/baca | Menghasilkan Konfigurasi untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/backupOperations/baca | Menampilkan Status Operasi Pencadangan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca | Mendapatkan Status Operasi Kebijakan. |
| Microsoft.RecoveryServices/Vaults/backupEngines/baca | Mengembalikan semua server manajemen cadangan yang terdaftar dengan vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/baca | Dapatkan cadangan Niat Proteksi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/baca | Dapatkan semua item dalam kontainer |
| Microsoft.RecoveryServices/locations/backupStatus/tindakan | Periksa Status Backup untuk Vault Layanan Pemulihan |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca | Menyelesaikan peringatan. |
| Microsoft.RecoveryServices/operations/baca | Operasi menghasilkan daftar Operasi untuk Penyedia Sumber Daya |
| Microsoft.RecoveryLayanan/lokasi/operasiStatus/baca | Mendapatkan Status Operasi untuk Operasi yang diberikan |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/baca | Membuat daftar semua Niat Perlindungan cadangan |
| Microsoft.RecoveryServices/Vaults/penggunaan/baca | Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/tindakan | Validasi Fitur |
| Microsoft.RecoveryServices/locations/backupStatus/tindakan | Cantumkan Pekerjaan Pemulihan Lintas Wilayah di wilayah sekunder untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/locations/backupStatus/tindakan | Dapatkan Detail Pekerjaan Pemulihan Lintas Wilayah di wilayah sekunder untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/locations/backupCrrOperationResults/baca | Mengembalikan Hasil Operasi CRR untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/locations/backupCrrOperationResults/baca | Mengembalikan Status Operasi CRR untuk Vault Layanan Pemulihan. |
| Microsoft.DataProtection/locations/getBackupStatus/action | Periksa Status Backup untuk Vault Layanan Pemulihan |
| Microsoft.DataProtection/backupVaults/backupInstances/write | Membuat Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Mengembalikan semua Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Mencantumkan Instans Cadangan yang dihapus sementara di Brankas Cadangan. |
| Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Melakukan Pencadangan pada Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Menvalidasi Pemulihan dari Instans Pencadangan |
| Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Memicu pemulihan pada Instans Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Mengembalikan semua Kebijakan Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Mengembalikan semua Kebijakan Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Mengembalikan semua Titik Pemulihan |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Mengembalikan semua Titik Pemulihan |
| Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Menemukan Rentang Waktu yang Dapat Dipulihkan |
| Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
| Microsoft.DataProtection/backupVaults/operationResults/read | Mendapatkan Hasil Operasi Patch untuk Vault Microsoft Azure Backup |
| Microsoft.DataProtection/backupVaults/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
| Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
| Microsoft.DataProtection/locations/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/locations/operationResults/read | Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
| Microsoft.DataProtection/backupVaults/validateForBackup/action | Memvalidasi pencadangan Instans Microsoft Azure Backup |
| Microsoft.DataProtection/operations/read | Operasi menghasilkan daftar Operasi untuk Penyedia Sumber Daya |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | Mencantumkan pekerjaan pemulihan lintas wilayah instans cadangan dari wilayah sekunder. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Dapatkan detail pekerjaan pemulihan lintas wilayah dari wilayah sekunder. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Mengembalikan titik pemulihan dari wilayah sekunder untuk pemulihan lintas wilayah yang diaktifkan Backup Vault. |
| Microsoft.DataProtection/locations/checkFeatureSupport/action | Memvalidasi apakah fitur didukung |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can view backup services, but can't make changes",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
"name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/read",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
"Microsoft.RecoveryServices/Vaults/backupconfig/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/locations/backupCrrJobs/action",
"Microsoft.RecoveryServices/locations/backupCrrJob/action",
"Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
"Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/operations/read",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Akun Penyimpanan Klasik
Memungkinkan Anda mengelola akun penyimpanan klasik, tetapi tidak dapat mengaksesnya.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.ClassicStorage/storageAccounts/* | Membuat dan mengelola akun penyimpanan |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic storage accounts, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran Layanan Operator Kunci Akun Penyimpanan Klasik
Operator Kunci Akun Penyimpanan Klasik diizinkan untuk mencantumkan dan membuat kunci pada Akun Penyimpanan Klasik
| Tindakan | Deskripsi |
|---|---|
| Microsoft.ClassicStorage/storageAccounts/listKeys/tindakan | Mencantumkan kunci akses untuk akun penyimpanan. |
| Microsoft.ClassicStorage/storageAccounts/regeneratekey/tindakan | Membuat ulang kunci akses yang ada untuk akun penyimpanan. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
"id": "/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"permissions": [
{
"actions": [
"Microsoft.ClassicStorage/storageAccounts/listkeys/action",
"Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Data Box
Memungkinkan Anda mengelola semuanya dalam Layanan Data Box, kecuali memberikan akses kepada orang lain.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.Databox/* | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything under Data Box Service except giving access to others.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
"name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Databox/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Data Box
Memungkinkan Anda mengelola Layanan Data Box, kecuali membuat urutan atau mengedit detail urutan dan memberikan akses kepada orang lain.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Databox/*/baca | |
| Microsoft.Databox/jobs/listsecrets/tindakan | |
| Microsoft.Databox/jobs/listcredentials/tindakan | Mencantumkan mandat tak terenkripsi yang terkait dengan urutan. |
| Microsoft.Databox/locations/availableSkus/tindakan | Metode ini mengembalikan daftar sku yang tersedia. |
| Microsoft.Databox/locations/validasiInputs/tindakan | Metode ini melakukan semua jenis validasi. |
| Microsoft.Databox/locations/regionConfiguration/tindakan | Metode ini mengembalikan konfigurasi untuk wilayah. |
| Microsoft.Databox/locations/validasiInputs/tindakan | Memvalidasi alamat pengiriman dan memberikan alamat alternatif jika ada. |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Databox/*/read",
"Microsoft.Databox/jobs/listsecrets/action",
"Microsoft.Databox/jobs/listcredentials/action",
"Microsoft.Databox/locations/availableSkus/action",
"Microsoft.Databox/locations/validateInputs/action",
"Microsoft.Databox/locations/regionConfiguration/action",
"Microsoft.Databox/locations/validateAddress/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pengembang Data Lake Analytics
Memungkinkan Anda untuk mengirim, memantau, dan mengelola tugas Anda sendiri, namun tidak dapat membuat atau menghapus akun Data Lake Analytics.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.BigAnalytics/akun/* | |
| Microsoft.DataLakeAnalytics/akun/* | |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Microsoft.BigAnalytics/akun/Hapus | |
| Microsoft.BigAnalytics/akun/TakeOwnership/tindakan | |
| Microsoft.BigAnalytics/akun/Hapus | |
| Microsoft.DataLakeAnalytics/akun/Hapus | Menghapus akun DataLakeAnalytics. |
| Microsoft.DataLakeAnalytics/akun/TakeOwnership/tindakan | Memberikan izin untuk membatalkan pekerjaan yang dikirimkan oleh pengguna lain. |
| Microsoft.DataLakeAnalytics/akun/Tulis | Membuat atau memperbarui akun DataLakeAnalytics. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Tulis | Membuat atau memperbarui akun DataLakeStore yang ditautkan dari akun DataLakeAnalytics. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Tulis | Membatalkan tautan akun DataLakeStore dari akun DataLakeAnalytics. |
| Microsoft.DataLakeAnalytics/akun/storageAccounts/Tulis | Membuat atau memperbarui akun Storage yang ditautkan dari akun DataLakeAnalytics. |
| Microsoft.DataLakeAnalytics/akun/storageAccounts/Hapus | Membatalkan tautan akun Azure Storage dari akun DataLakeAnalytics. |
| Microsoft.DataLakeAnalytics/akun/firewallRules/Tulis | Membuat atau memperbarui aturan firewall. |
| Microsoft.DataLakeAnalytics/akun/firewallRules/Tulis | Menghapus aturan firewall. |
| Microsoft.DataLakeAnalytics/akun/computePolicies/Tulis | Membuat atau memperbarui kebijakan komputasi. |
| Microsoft.DataLakeAnalytics/akun/computePolicies/Hapus | Menghapus kebijakan komputasi. |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
"name": "47b7735b-770e-4598-a7da-8b91488b4c88",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BigAnalytics/accounts/*",
"Microsoft.DataLakeAnalytics/accounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.BigAnalytics/accounts/Delete",
"Microsoft.BigAnalytics/accounts/TakeOwnership/action",
"Microsoft.BigAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
"Microsoft.DataLakeAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Lake Analytics Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pemindai Data Defender for Storage
Memberikan akses untuk membaca blob dan memperbarui tag indeks. Peran ini digunakan oleh pemindai data Defender for Storage.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/baca | Daftar kontainer yang diperbarui |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Mengembalikan blob atau daftar blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write | Mengembalikan hasil penulisan tag blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read | Mengembalikan hasil pembacaan tag blob |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40",
"name": "1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read"
],
"notDataActions": []
}
],
"roleName": "Defender for Storage Data Scanner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Admin Jaringan ELASTIC SAN
Memungkinkan akses untuk membuat Titik Akhir Privat pada sumber daya SAN, dan untuk membaca sumber daya SAN
| Tindakan | Deskripsi |
|---|---|
| Microsoft.ElasticSan/elasticSans/*/read | |
| Microsoft.ElasticSan/elasticSans/PrivateEndpointConnectionsApproval/action | |
| Microsoft.ElasticSan/elasticSans/privateEndpointConnections/write | |
| Microsoft.ElasticSan/elasticSans/privateEndpointConnections/delete | |
| Microsoft.ElasticSan/locations/asyncoperations/read | Polling status operasi asinkron. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows access to create Private Endpoints on SAN resources, and to read SAN resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa6cecf6-5db3-4c43-8470-c540bcb4eafa",
"name": "fa6cecf6-5db3-4c43-8470-c540bcb4eafa",
"permissions": [
{
"actions": [
"Microsoft.ElasticSan/elasticSans/*/read",
"Microsoft.ElasticSan/elasticSans/PrivateEndpointConnectionsApproval/action",
"Microsoft.ElasticSan/elasticSans/privateEndpointConnections/write",
"Microsoft.ElasticSan/elasticSans/privateEndpointConnections/delete",
"Microsoft.ElasticSan/locations/asyncoperations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Network Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pemilik SAN Elastis
Memungkinkan akses penuh ke semua sumber daya di bawah Azure Elastic SAN termasuk mengubah kebijakan keamanan jaringan untuk membuka blokir akses jalur data
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.ElasticSan/elasticSans/* | |
| Microsoft.ElasticSan/locations/* | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to all resources under Azure Elastic SAN including changing network security policies to unblock data path access",
"id": "/providers/Microsoft.Authorization/roleDefinitions/80dcbedb-47ef-405d-95bd-188a1b4ac406",
"name": "80dcbedb-47ef-405d-95bd-188a1b4ac406",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ElasticSan/elasticSans/*",
"Microsoft.ElasticSan/locations/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca SAN Elastis
Memungkinkan akses baca jalur kontrol ke Azure Elastic SAN
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/roleAssignments/baca | Mendapatkan informasi tentang penetapan peran. |
| Microsoft.Authorization/roleDefinisi/baca | Mendapatkan informasi tentang definisi peran. |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.ElasticSan/elasticSans/*/read | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for control path read access to Azure Elastic SAN",
"id": "/providers/Microsoft.Authorization/roleDefinitions/af6a70f8-3c9f-4105-acf1-d719e9fca4ca",
"name": "af6a70f8-3c9f-4105-acf1-d719e9fca4ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ElasticSan/elasticSans/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pemilik Grup Volume ELASTIC SAN
Memungkinkan akses penuh ke grup volume di Azure Elastic SAN termasuk mengubah kebijakan keamanan jaringan untuk membuka blokir akses jalur data
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/roleAssignments/baca | Mendapatkan informasi tentang penetapan peran. |
| Microsoft.Authorization/roleDefinisi/baca | Mendapatkan informasi tentang definisi peran. |
| Microsoft.ElasticSan/elasticSans/volumeGroups/* | |
| Microsoft.ElasticSan/locations/asyncoperations/read | Polling status operasi asinkron. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to a volume group in Azure Elastic SAN including changing network security policies to unblock data path access",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a8281131-f312-4f34-8d98-ae12be9f0d23",
"name": "a8281131-f312-4f34-8d98-ae12be9f0d23",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.ElasticSan/elasticSans/volumeGroups/*",
"Microsoft.ElasticSan/locations/asyncoperations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Volume Group Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Akses Data dan Pembaca
Memungkinkan Anda melihat semuanya tetapi tidak akan membiarkan Anda menghapus atau membuat akun penyimpanan atau sumber daya yang terkandung. Ini juga akan memungkinkan akses baca / tulis ke semua data yang terkandung dalam akun penyimpanan melalui akses ke kunci akun penyimpanan.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/listKeys/tindakan | Mengembalikan kunci akses untuk akun penyimpanan tertentu. |
| Microsoft.Storage/storageAccounts/ListAccountSas/tindakan | Mengembalikan token SAS Akun untuk akun penyimpanan tertentu. |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
"name": "c12c1c16-33a1-487b-954d-41c89c60f349",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/ListAccountSas/action",
"Microsoft.Storage/storageAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader and Data Access",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Pencadangan Akun Penyimpanan
Memungkinkan Anda melakukan operasi pencadangan dan pemulihan menggunakan Azure Backup di akun penyimpanan.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Authorization/locks/read | Mendapatkan kunci pada cakupan yang ditentukan. |
| Microsoft.Authorization/locks/write | Menambahkan kunci pada cakupan yang ditentukan. |
| Microsoft.Authorization/locks/delete | Menghapus kunci pada cakupan yang ditentukan. |
| Microsoft.Features/features/read | Mendapatkan fitur langganan. |
| Microsoft.Features/penyedia/fitur/baca | Mendapatkan fitur langganan di penyedia sumber daya tertentu. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Storage/operations/read | Polling status operasi asinkron. |
| Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete | Menghapus kebijakan replikasi objek |
| Microsoft.Storage/storageAccounts/objectReplicationPolicies/read | Mencantumkan kebijakan replikasi objek |
| Microsoft.Storage/storageAccounts/objectReplicationPolicies/write | Membuat atau memperbarui kebijakan replikasi objek |
| Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write | Membuat penanda titik pemulihan replikasi objek |
| Microsoft.Storage/storageAccounts/blobServices/containers/baca | Daftar kontainer yang diperbarui |
| Microsoft.Storage/storageAccounts/blobServices/containers/tulis | Mengembalikan hasil dari wadah blob put |
| Microsoft.Storage/storageAccounts/blobServices/read | Mengembalikan properti layanan blob atau statistik |
| Microsoft.Storage/storageAccounts/blobServices/write | Mengembalikan hasil dari properti layanan blob put |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.Storage/storageAccounts/restoreBlobRanges/action | Kembalikan rentang blob ke keadaan pada waktu yang ditentukan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform backup and restore operations using Azure Backup on the storage account.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
"name": "e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/locks/read",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/delete",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/read",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/write",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/write",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/restoreBlobRanges/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Akun Penyimpanan
Mengizinkan pengelolaan akun penyimpanan. Menyediakan akses ke kunci akun, yang dapat digunakan untuk mengakses data melalui otorisasi Kunci Bersama.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Insights/diagnosticSettings/* | Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/tindakan | Menggabungkan sumber daya seperti akun penyimpanan atau database SQL ke subnet. Tidak dapat diberi tahu. |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Storage/storageAccounts/* | Membuat dan mengelola akun penyimpanan |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
"name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran Layanan Operator Kunci Akun Penyimpanan
Mengizinkan pencatatan dan regenerasi kunci akses akun penyimpanan.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/listKeys/tindakan | Mengembalikan kunci akses untuk akun penyimpanan tertentu. |
| Microsoft.ClassicStorage/storageAccounts/regeneratekey/tindakan | Mengembalikan kunci akses untuk akun penyimpanan tertentu. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
"id": "/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
"name": "81a9662b-bebf-436f-a333-f67b29880f12",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Data Blob Penyimpanan
Baca, tulis, dan hapus kontainer dan blob Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil operasi data.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Hapus kontainer. |
| Microsoft.Storage/storageAccounts/blobServices/containers/baca | Mengembalikan kontainer atau daftar kontainer. |
| Microsoft.Storage/storageAccounts/blobServices/containers/tulis | Mengubah metadata atau properti kontainer. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/tindakan | Mengembalikan kunci delegasi pengguna untuk Blob service. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Hapus blob. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Mengembalikan blob atau daftar blob. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tulis | Menulis ke blob. |
| Microsoft.Storage/storageAccounts/blobServices/kontainer/blobs/pindah/tindakan | Memindahkan blob dari satu jalur ke jalur lainnya |
| Microsoft.Storage/storageAccounts/blobServices/kontainer/blobs/tambah/tindakan | Mengembalikan hasil penambahan konten blob |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage blob containers and data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pemilik Data Blob Penyimpanan
Memungkinkan akses penuh ke kontainer dan data blob Azure Storage, termasuk menetapkan kontrol akses POSIX. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil operasi data.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/kontainer/* | Izin penuh pada kontainer. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/tindakan | Mengembalikan kunci delegasi pengguna untuk Blob service. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/kontainer/blobs/* | Izin penuh pada blob. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/*",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Data Blob Penyimpanan
Baca dan daftar kontainer dan blob Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil operasi data.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/baca | Mengembalikan kontainer atau daftar kontainer. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/tindakan | Mengembalikan kunci delegasi pengguna untuk Blob service. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Mengembalikan blob atau daftar blob. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage blob containers and data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Delegator Blob Penyimpanan
Dapatkan kunci delegasi pengguna, yang kemudian dapat digunakan untuk membuat penanda akses bersama untuk kontainer atau blob yang ditandai dengan kredensial Azure AD. Untuk informasi selengkapnya, lihat Membuat delegasi pengguna SAS.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/tindakan | Mengembalikan kunci delegasi pengguna untuk Blob service. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
"id": "/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Blob Delegator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage File Data Privileged Reader
Memungkinkan untuk membaca, menulis, menghapus, dan memodifikasi ACL pada file/direktori di berbagi file Azure dengan mengambil alih izin ACL/NTFS yang ada. Peran ini tidak memiliki bawaan yang setara pada server file Windows.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/baca | Mengembalikan file/folder atau daftar file/folder |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/tulis | Mengembalikan hasil penulisan file atau pembuatan folder |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/hapus | Mengembalikan hasil penghapusan file/folder |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/tindakan | Mengembalikan hasil dari mengubah izin pada file/folder |
| Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Membaca Hak Istimewa Semantik Pencadangan File |
| Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action | Menulis Hak Istimewa Semantik Pencadangan File |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/69566ab7-960f-475b-8e7c-b3118f30c6bd",
"name": "69566ab7-960f-475b-8e7c-b3118f30c6bd",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action",
"Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action",
"Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data Privileged Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Data File Penyimpanan Izin Khusus
Memungkinkan akses baca pada file/direktori di berbagi file Azure dengan mengambil alih izin ACL/NTFS yang ada. Peran ini tidak memiliki bawaan yang setara pada server file Windows.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/baca | Mengembalikan file/folder atau daftar file/folder |
| Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Membaca Hak Istimewa Semantik Pencadangan File |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Customer has read access on Azure Storage file shares.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b8eda974-7b85-4f76-af95-65846b26df6d",
"name": "b8eda974-7b85-4f76-af95-65846b26df6d",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data Privileged Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Berbagi SMB Data File Penyimpanan
Memungkinkan untuk membaca, menulis, dan menghapus akses pada file / direktori di berbagi file Azure. Peran ini tidak memiliki bawaan yang setara pada server file Windows.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/baca | Mengembalikan file/folder atau daftar file/folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/tulis | Mengembalikan hasil penulisan file atau membuat folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/hapus | Mengembalikan hasil menghapus file/folder. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Lanjutan Berbagi SMB Data File Penyimpanan
Memungkinkan untuk membaca, menulis, dan menghapus akses pada file / direktori di berbagi file Azure. Peran ini setara dengan ACL berbagi berkas perubahan pada peladen berkas Windows.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/baca | Mengembalikan file/folder atau daftar file/folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/tulis | Mengembalikan hasil penulisan file atau membuat folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/hapus | Mengembalikan hasil menghapus file/folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/tindakan | Mengembalikan hasil dari mengubah izin pada file/folder. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
"name": "a7264617-510b-434b-a828-9731dc254ea7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Elevated Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Berbagi SMB Data File Penyimpanan
Memungkinkan untuk membaca, menulis, dan menghapus akses pada file / direktori di berbagi file Azure. Peran ini setara dengan ACL berbagi berkas perubahan pada peladen berkas Windows.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/baca | Mengembalikan file/folder atau daftar file/folder. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure File Share over SMB",
"id": "/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
"name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Data Antrean Penyimpanan
Baca, tulis, dan hapus antrean Azure Storage dan pesan antrean. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil operasi data.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/hapus | Hapus antrean. |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/baca | Mengembalikan antrean atau daftar antrean. |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/tulis | Mengubah metadata atau properti antrean. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/hapus | Menghapus satu atau beberapa pesan dari antrean. |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/baca | Mengintip atau mengambil satu atau beberapa pesan dari antrean. |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/tulis | Kirim pesan ke antrean. |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/proses/tindakan | Mengembalikan hasil pemrosesan pesan |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pemroses Pesan Data Antrean Penyimpanan
Mengintip, mengambil, dan menghapus pesan dari antrean Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil operasi data.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/baca | Mengintip pesan. |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/proses/tindakan | Mengambil dan menghapus pesan. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
"name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Processor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Queue Data Message Sender
Tambah pesan ke antrean Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil operasi data.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/tambah/tulis | Kirim pesan ke antrean. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for sending of Azure Storage queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Data Antrean Penyimpanan
Baca dan daftar antrean Azure Storage dan pesan antrean. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil operasi data.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/baca | Mengembalikan antrean atau daftar antrean. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/baca | Mengintip atau mengambil satu atau beberapa pesan dari antrean. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage queues and queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
"name": "19e7f393-937e-4f77-808e-94535e297925",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Data Tabel Penyimpanan
Memungkinkan untuk membaca, menulis, dan menghapus akses ke Azure Storage tabel dan entitas
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/tableServices/tables/read | Kueri tabel |
| Microsoft.Storage/storageAccounts/tableServices/tables/write | Membuat tabel |
| Microsoft.Storage/storageAccounts/tableServices/tables/delete | Menghapus tabel |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/read | Mengkueri entitas tabel |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/write | Menyisipkan, menggabungkan, atau mengganti entitas tabel |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete | Menghapus entitas tabel |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action | Menyisipkan entitas tabel |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action | Menggabungkan atau memperbarui entitas tabel |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage tables and entities",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
"name": "0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/read",
"Microsoft.Storage/storageAccounts/tableServices/tables/write",
"Microsoft.Storage/storageAccounts/tableServices/tables/delete"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/read",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/write",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action"
],
"notDataActions": []
}
],
"roleName": "Storage Table Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Data Tabel Penyimpanan
Memungkinkan akses baca ke tabel dan entitas Azure Storage
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Storage/storageAccounts/tableServices/tables/read | Kueri tabel |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/read | Mengkueri entitas tabel |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage tables and entities",
"id": "/providers/Microsoft.Authorization/roleDefinitions/76199698-9eea-4c19-bc75-cec21354c6b6",
"name": "76199698-9eea-4c19-bc75-cec21354c6b6",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/read"
],
"notDataActions": []
}
],
"roleName": "Storage Table Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}